Hacking

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Cisco Talos researchers published PoC exploits for vulnerabilities in Netgear Orbi 750 series router and extender satellites.

Netgear Orbi is a line of mesh Wi-Fi systems designed to provide high-speed, reliable Wi-Fi coverage throughout a home or business. The Orbi system consists of a main router and one or more satellite units that work together to create a seamless Wi-Fi network that can cover a large area with consistent, high-speed Wi-Fi.

One of the key benefits of the Orbi system is its use of mesh networking technology, which allows the satellite units to communicate with the main router and with each other to provide strong Wi-Fi coverage throughout the home or business.

Cisco worked with Netgeat to solve the issues and is disclosing them according to its 90-day timeline outlined in Cisco’s vulnerability disclosure policy.

Cisco Talos researchers published Proof-of-concept (PoC) exploits for multiple vulnerabilities in Netgear’s Orbi 750 series router and extender satellites.

The experts discovered four vulnerabilities in the Netgear Orbi mesh wireless system, the most critical one is a critical remote code vulnerability, tracked as CVE-2022-37337 (CVSS v3.1: 9.1), that resides in the access control functionality of the Netgear Orbi router.

“A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5.” states Talos. “An attacker can make an authenticated HTTP request to trigger this vulnerability.”

A threat actor can exploit the flaw by sending a specially crafted HTTP request.

“Talos discovered a vulnerability in the Orbi Satellite — TALOS-2022-1596 (CVE-2022-37337) — that could lead to arbitrary command execution on the device. The user needs to authenticate into the mesh system first, meaning they’d need to access an unprotected network or the login credentials of a password-protected network, for this attack to be successful. Then, the adversary needs to send a specially crafted HTTP request to trigger the vulnerability.” reads the advisory published by Cisco Talos.

Cisco published a Proof of Concept exploit for this issue:

Below is the timeline for this issue that was reported by Dave McDaniel of Cisco Talos:

2022-08-30 – Initial Vendor Contact
2022-09-05 – Vendor Disclosure
2023-01-19 – Vendor Patch Release
2023-03-21 – Public Release

Another two issues discovered by the researchers are respectively tracked TALOS-2022-1595 (CVE-2022-38452) and TALOS-2022-1597 (CVE-2022-36429). The flaws impacts the main Orbi router, their exploitation can lead to arbitrary command execution if the attacker sends a specially crafted network request or JSON object, respectively.

The last flaw discovered by Talos is tracked as TALOS-2022-1598 (CVE-2022-38458), an attacker can exploit these flaws to carry out a man-in-the-middle attack to trick the service’s Web Services Management tool into disclosing sensitive information.

Netgear addressed the flaws with the release of the firmware version 4.6.14.3 on January 19, 2023.

The security firm is not aware of attacks in the wild exploiting these flaws.

“Users are encouraged to update these affected products as soon as possible: Netgear Orbi Satellite RBS750, version 4.6.8.5. Talos tested and confirmed these versions of the Orbi system could be exploited by these vulnerabilities.” concludes the advisory.

The company also released Snort rules (60474 – 60477 and 60499) to detect exploitation attempts against this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Netgear Orbi)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

6 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

18 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

22 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

2 days ago

This website uses cookies.